A district court in Israel has rejected Amnesty International’s petition against the Israeli Ministry of Defence that sought to get NSO Group’s export licence revoked. Senior Judge Rachel Barkai of the Yafo District Court in Tel Aviv rejected the petition since she was satisfied with the rigour of the defence licensing process and subsequent monitoring of the licensees. Furthermore, she said that the petitioners, which included Amnesty and New York University’s Brennan Center for Justice, had not provided enough evidence to support their claim that attempts were made to monitor a human rights activist through their mobile phone, or that this surveillance was carried out by the NSO Group. NSO Group provided us a translated copy of the judgement (available here) and Amnesty International confirmed its accuracy.
“Without determining whether Respondent 5 [NSO Group] possesses a defense marketing and/or export license, I am satisfied that Respondents 1-4 [Defence Export Controls Agency, or DECA, Israeli Minister and Ministry of Defence, and Israeli Ministry of Foreign Affairs] conduct their activities with the utmost care prior to granting a marketing and/or export license and afterwards, the licensee is subject to close monitoring by DECA, which exhibits an elevated sensitivity to human rights violations,” Judge Barkai wrote. The decision was delivered on Sunday, in the absence of the parties involved.
Danna Ingleton, the acting co-director of Amnesty International, called this judgement “a cruel blow to people put at risk around the world by NSO Group selling its products to notorious human rights abusers”. We have reached out to Amnesty and NYU for more information and to know if they will appeal this decision.
In a statement to MediaNama, the NSO Group welcomed this judgement and reiterated their previous claims that they only provide their tools such as Pegasus to “authorized and verified government agencies”.
“NSO Group welcomes the court’s rejection of Amnesty International’s petition and the finding that their allegations did not have an evidentiary basis. The judgement is irrefutable evidence that the regulatory framework in which we operate in is of the highest international standard. Combined with NSO’s industry-leading governance frameworks, it underpins the fact that we are a global leader in commitment to the proper use of technology and respect for human rights. Advanced encryption by terrorists and criminals necessitates the kind of legal and proportionate response that NSO provides to authorised and verified government agencies. We help governments achieve this while ensuring that our technology is only used to fight terror and serious crime, and protect public safety. Our detractors, who have made baseless accusations to fit their own agendas, have no answer to the security challenges of the 21st century. Now that the court’s decision has shown that our industry is sufficiently regulated, the focus should turn to what answer those who seek to criticise NSO have to the abuse of encryption by nefarious groups.” — NSO spokesperson
According to Amnesty’s affidavit in the case and NSO Group’s previous statements, licensing of NSO Group’s products is vetted by Israel’s Defence Export Controls Agency (DECA), part of the Israeli MOD, “under the same type of licensing requirements and export restrictions applicable to military weapons and national security systems”. However, in November 2019, Israel’s security cabinet minister Zeev Elkin had denied any Israeli government involvement in sale of Pegasus by NSO Group.
NSO Group’s Pegasus used to target activists, politicians across the world
In May 2019, Amnesty International and New York University (NYU) had sued the Israeli Ministry of Defence (MOD) to get NSO Group’s export licence revoked. Amnesty’s affidavit for the lawsuit said that NSO Group had attempted to infect the mobile of an Amnesty employee with Pegasus in June 2018, a claim that Citizen Lab’s research also supported.
NSO Group’s most notorious spyware Pegasus has been sued to target human rights activists in India, Morocco, Saudi Arabia, Mexico and the UAE. While there is lack of clarity on whether slain Saudi journalist Jamal Khashoggi’s phone had been infected with Pegasus, Citizen Lab has established that a close confidant of Khashoggi — Omar Abdulaziz, a Saudi activist and Canadian permanent resident — was targeted back in 2018.
NSO Group’s activities are already under the scanner in Mexico while a Ghanaian court sentenced the buyers of Pegasus to prison in May this year. FBI is also reportedly investigating the group. Despite evidence that Pegasus was used to target at least 121 Indians using a WhatsApp vulnerability (because of which WhatsApp has sued NSO Group), the Indian government has refused to comment on whether or not it purchased the software, and maintained a stony silence about if it will investigate the use of such spyware.
On Monday, the Guardian and El País reported that Pegasus was used to spy on Roger Torrent, the speak of the Catalan regional parliaments, and at least two other pro-independence supporters. Citizen Lab, the University of Toronto-based research group that has been working with WhatsApp to identify the victims of Pegasus, reportedly informed Torrent. On Thursday, Spanish newspaper El País reported that as per sources, Spain’s CNI intelligence service has Pegasus at its disposal. The Spanish Interior Ministry has however publicly denied having acquired Pegasus. Until 2015, the CNI and the National Police were clients of Italian firm Hacking Team.
***Update (July 17 7:10 pm): Updated with link to the judgement, and El País’s report that Spanish intelligence service acquired Pegasus. Originally published on July 14, 2020 at 4:39 pm.